Knowledge Base

When using SSH to access a remote system, there are two methods of authentication: password and public-key authentication.

Firstly, sshd and ssh have to be setup on QNX before accessing into a QNX remote system through ssh or using QNX to access a remote system. The links to configure them for QNX 7.1.0 are listed below:
http://www.qnx.com/developers/docs/7.1/index.html#com.qnx.doc.neutrino.utilities/topic/s/sshd.html
http://www.qnx.com/developers/docs/7.1/index.html#com.qnx.doc.neutrino.utilities/topic/s/ssh.html

In general, the host(client) stores the private and public keys in /etc/ssh. The remote system (server) has to have public keys for each host in a file called authorized_keys located in ~/.ssh/authorized_keys.

The below instructions are applicable for both Linux and QNX

1. In the host system, navigate to /etc/ssh directory that contains the keys. There are different types of keys based on their encryption algorithm (DSA, RSA, ECDSA, Ed25519). In this example, RSA encrypted keys are used.

2. If there are no keys available in this directory, keys can be created using ssh-keygen. Below is an example:

ssh-keygen -t rsa -b 1024 -f /etc/ssh/ssh_host_rsa_key -N ''

3. Run the following command to copy over the public key over to the remote system (ensure that .ssh directory exists under the USER/root's directory)

cat ~/.ssh/ssh_host_rsa_key.pub | ssh root@<ipAddress> "cat >> .ssh/authorized_keys"

Alter the path of .ssh depending on where it is located inside the user directory. If this works without any issues, the public key will be appended to the USER/.ssh/authorized_keys file. If the user is a different directory, (for example: /home/qnxuser), then the authorized_keys file would be created in /home/qnxuser/.ssh/authorized_keys. In a remote Linux system, authorized_keys file can be located or created in ~/.ssh.

You may also choose to perform this step in the build script through inserting the following lines (when QNX is the remote system):

[uid=1000 gid=1000 perms=0755 type=dir] /root
[uid=1000 gid=1000 perms=0755 type=dir] /root/.ssh
[uid=1000 gid=1000 perms=0600] /root/.ssh/authorized_keys = {
ssh-rsa AAAAAB3NzaC1yc2EAAAADAQABAAABAQCyVGaw1PuEl98...aVFft085yvVq7KZbF2OPPbl+erDW91+EZ2FgEi+v1/CSJ5 your_username@hostname
}

4. Run the following commands to give .ssh and authorized_keys appropriate file permissions:

chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys

If root is going to be used to log in to ssh (root@ipAddress), it is important to ensure that the authorized_keys file is also owned by "root" and located under /root/.ssh.

5. In your remote system, ensure that the following lines are present in /etc/ssh/sshd_config

PermitRootLogin yes
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no

This will disable password authentication and force authentication public keys.

6. You can now login to the remote system from host using "ssh root@<remoteIPAddress>"


The process is slightly different when there is a need to access a QNX server/remote system through Windows

1. Follow the instructions in https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement until the end of the section "User key generation"
2. In the end, public and private keys should be stored in C:\Users\username/.ssh/id_rsa (using rsa in this case)
3. To deploy this public key, we need to navigate to C:\Users\username/.ssh/id_rsa.pub, open and manually copy its contents.